[sudo-users] How to preserve functions in scripts for calling by sudo?

L A Walsh sudo at tlinx.org
Sat Jun 3 08:57:23 MDT 2017

Todd C. Miller wrote:
> Defaults env_keep += "*"
> Defaults env_keep += "*=()*"
Yeah noticed similar in the version I'm using after
I removed the hardcoded func removal, though it only
needed env_keep="*"
> The reason for not preserving bash functions in the environment is
> that it allows a user with sudo permissions to subvert any bash
> script.
That it is configurable, now, vs. before when it was
hard-coded to always exclude them, removes my major complaint
about sudo's filtering.  I.e. I asked for a way to make
it configurable w/the idea of it being hard-coded being
a problem.

> Instead of having the functions inherited via the environment I'd
> suggest you include them in the scripts where they are needed.
    That's exactly what I'm doing, BUT, the scripts are
non-trivial, and like any non-trivial program one wants to limit
the time & area where one runs as root.

    So the script only elevates to root for 4-5 lines in
a 350 line script.

    It's in that 'elevation' that I was losing functions
*internal* to the script I was running, which was forcing me
to run scripts having 1 line needing root to have all lines run
as root -- a very bad security trade-off, IMO.

> Alternately, you could push the use of sudo down to the actual
> command where it is needed.  In other words, only use sudo for the
> mv or rm commands in your example.
    That's what I had in one script until I replaced all
the 'rm' and 'mv' commands with 'safer_rm' and 'safer_mv'.

    Conceptually I want the ability to be able to substitute
functions for commands as needed, so I can have "commands"
w/modified functionality in some situations. 

    I want root to behave the same way as my normal login, as
I want to be able to just use 'sudo' as a means to raise
privilege level when needed.  I realize sudo has grown to
allow tons of configurable usages, but as mentioned above,
it was the unilateral disabling of various features w/no way
to re-enable them that was causing me problems.

    Most recently I did something (not sure what) that
prevented me from adding a sudo before gvim (it cleared
DISPLAY and REMOTEHOST).   It was easy to fix -- simply
except those vars from removal -- but not sure why it
worked before when those vars weren't specifically excepted.

    Anyway, the short answer, "now", on preserving funcs
is to use the 'env_keep' w/env_reset -- something that
wasn't possible when those funcs were first removed.

So Thanks for the fix!

More information about the sudo-users mailing list